httpd-dev mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r1194999 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/arch/win32/mod_win32.c
Date Mon, 31 Oct 2011 03:52:17 GMT
For the time being... -1.  This sort of radical change doesn't belong
on an already released branch.

I'm not likely to reverse on this but would accept a more narrow patch.

Submitter completely discounts the fact that the entire env table modulo
the http/1.1 input was already in utf-8.


On 10/29/2011 2:44 PM, fuankg@apache.org wrote:
> Author: fuankg
> Date: Sat Oct 29 19:44:45 2011
> New Revision: 1194999
> 
> URL: http://svn.apache.org/viewvc?rev=1194999&view=rev
> Log:
> Applied backport: Invert logic for env var utf-8 fixing.
> 
> Now we exclude a list of vars which we know for sure they
> don't hold utf-8 chars; all other vars will be fixed. This
> has the benefit that now also all vars from 3rd-party
> modules will be fixed.
> 
> Modified:
>     httpd/httpd/branches/2.2.x/CHANGES
>     httpd/httpd/branches/2.2.x/STATUS
>     httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c
> 
> Modified: httpd/httpd/branches/2.2.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1194999&r1=1194998&r2=1194999&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Oct 29 19:44:45 2011
> @@ -1,6 +1,12 @@
>                                                           -*- coding: utf-8 -*-
>  Changes with Apache 2.2.22
>  
> +  *) mod_win32: Invert logic for env var UTF-8 fixing.
> +     Now we exclude a list of vars which we know for sure they dont hold UTF-8
> +     chars; all other vars will be fixed. This has the benefit that now also
> +     all vars from 3rd-party modules will be fixed. PR 13029 / 34985.
> +     [Guenter Knauf]
> +
>    *) SECURITY: CVE-2011-3368 (cve.mitre.org)
>       Reject requests where the request-URI does not match the HTTP
>       specification, preventing unexpected expansion of target URLs in
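
Review bot: The new CHANGES entry at "*) mod_win32: Invert logic for env var UTF-8 fixing." does not say which variables are excluded or that the default has flipped from converting a named set to converting everything except a named set, so an administrator reading it cannot tell which CGI environment variables now behave differently. Suggest naming the excluded variables from the mod_win32.c change (REMOTE_*, GATEWAY_INTERFACE, REQUEST_METHOD, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL), replacing "fixed" with what is actually done to the value, and correcting "dont" to "don't".
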
> 
> Modified: httpd/httpd/branches/2.2.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1194999&r1=1194998&r2=1194999&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/STATUS (original)
> +++ httpd/httpd/branches/2.2.x/STATUS Sat Oct 29 19:44:45 2011
> @@ -92,18 +92,6 @@ RELEASE SHOWSTOPPERS:
>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>    [ start all new proposals below, under PATCHES PROPOSED. ]
>  
> -  * mod_win32: Invert logic for env var UTF-8 fixing.
> -    Now we exclude a list of vars which we know for sure they
> -    dont hold UTF-8 chars; all other vars will be fixed. This
> -    has the benefit that now also all vars from 3rd-party modules
> -    will be fixed. This fix is based on PR 13029 / 34985, and
> -    includes now the SSL_ and GEOIP_ vars; otherwise its impossible
> -    to run CGIs when mod_ssl and/or mod_geoip are loaded and those
> -    mods return UTF-8 chars in any var during a request.
> -    Trunk patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?r1=1054347&r2=1146932
> -    2.2.x patch: http://people.apache.org/~fuankg/diffs/2.2.x-mod_win32.c.diff
> -    +1: fuankg, gsmith, rjung
> -
>    * mod_log_config: Fix segfault for 'BufferedLogs Off'. PR 50861.
>      Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1082518
>      2.2.x patch: Trunk patch works
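
Review bot: The removed STATUS entry is the only place in this commit that records the motivation ("otherwise its impossible to run CGIs when mod_ssl and/or mod_geoip are loaded and those mods return UTF-8 chars in any var"), and that sentence is not carried into the CHANGES entry or into a comment in mod_win32.c. Suggest moving the SSL_ and GEOIP_ rationale into the CHANGES text or a code comment beside the exclusion list so it survives once STATUS is trimmed.
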
> 
> Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c?rev=1194999&r1=1194998&r2=1194999&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_win32.c Sat Oct 29 19:44:45 2011
> @@ -531,13 +531,13 @@ static apr_status_t ap_cgi_build_command
>       * application (following the OEM or Ansi code page in effect.)
>       */
>      for (i = 0; i < elts_arr->nelts; ++i) {
> -        if (win_nt && elts[i].key && *elts[i].key
> -                && (strncmp(elts[i].key, "HTTP_", 5) == 0
> -                 || strncmp(elts[i].key, "SERVER_", 7) == 0
> -                 || strncmp(elts[i].key, "REQUEST_", 8) == 0
> -                 || strcmp(elts[i].key, "QUERY_STRING") == 0
> -                 || strcmp(elts[i].key, "PATH_INFO") == 0
> -                 || strcmp(elts[i].key, "PATH_TRANSLATED") == 0)) {
> +        if (win_nt && elts[i].key && *elts[i].key && *elts[i].val
> +                && !(strncmp(elts[i].key, "REMOTE_", 7) == 0
> +                || strcmp(elts[i].key, "GATEWAY_INTERFACE") == 0
> +                || strcmp(elts[i].key, "REQUEST_METHOD") == 0
> +                || strcmp(elts[i].key, "SERVER_ADDR") == 0
> +                || strcmp(elts[i].key, "SERVER_PORT") == 0
> +                || strcmp(elts[i].key, "SERVER_PROTOCOL") == 0)) {
>              prep_string((const char**) &elts[i].val, r->pool);
>          }
>      }
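
Review bot: The added test "&& *elts[i].val" dereferences the value without first checking the pointer, while the key on the same line is guarded as "elts[i].key && *elts[i].key"; suggest "elts[i].val && *elts[i].val" so an entry with a NULL value is skipped rather than dereferenced. Separately, with the condition negated, every variable not on the list now reaches prep_string(), including variables set by third-party modules whose encoding this code cannot know, so a comment above the list stating why each excluded name is safe to skip and what the default assumes about everything else would make the list maintainable. The "||" continuation lines are also indented to the same column as the "&& !(" line, which hides that they sit inside the negated parentheses; indenting them one level further would make the grouping readable.
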
> 
> 
> 

